PT-2026-55480 · Jpeg-Xl · Jpeg-Xl

Published

2026-05-29

·

Updated

2026-07-02

·

CVE-2026-52834

CVSS v3.1

7.3

High

VectorAV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions // The product name cannot be determined. (affected versions not specified)
Description On 32-bit platforms, decoding a crafted JPEG XL image can lead to out-of-bounds writes due to an integer overflow during length calculation, potentially allowing arbitrary code execution. This occurs when the AlignedGrid::with alloc tracker() function computes width * height without proper checks, resulting in a backing buffer that is too small for the logical dimensions. This can be triggered by a frame with huge actual dimensions that exceeds the usize element count on 32-bit systems, or by a combination of a huge canvas and a tiny cropped frame during composition in the render frame() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-52834
GHSA-5PMV-RX8R-WMV5
RUSTSEC-2026-0151

Affected Products

Jpeg-Xl